YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 91fbc24210719c61622051081b4439f3e44d9a1c592556f6555c15e8bfd062a2.

Scan Results

SHA256 hash: 91fbc24210719c61622051081b4439f3e44d9a1c592556f6555c15e8bfd062a2
File size:199'988 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: dacdac99519c36c0fd439291d74c2b40
SHA1 hash: a4368588aad798dee3292e705b01768bd2b5c031
SHA3-384 hash: 4275265b51f7984d6d7f592600753569f22231ac63f59a6236917874f5ce602973fdc2303cd17cba4f514fb89f9b3431
First seen:2026-01-19 18:14:32 UTC
Last seen:Never
Sightings:1
imphash : 0207cb676f5843dc4a3f86046e8fcef1
Create hunting rule
ssdeep : 1536:atbZRNWzIpv6Xz7iLWhw5PboEymE6flQrh:atbZRNWzIpv6Xz7zhw5Pc+E69Qr
TLSH :n/a
telfhash :n/a
gimphash :n/a
dhash icon :n/a

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:b40fff0b-f562-11f0-9df4-42010aa4000b
File name:400000.515fbe4b-3465-4b26-922e-5ae67aeaa262.exe
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:MiscreantPunch.SingleXOR.EXE.5.UNOFFICIAL
Create hunting rule
Signature:SecuriteInfo.com.Trojan.DownLoader.56609.7966.14826.UNOFFICIAL
Create hunting rule
Signature:Win.Worm.Socks-10
Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:command_and_control
Create hunting rule
Author:CD_R0M_
Description:This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group
TLP:TLP:WHITE
Repository:CD-R0M
Rule name:FreddyBearDropper
Create hunting rule
Author:Dwarozh Hoshiar
Description:Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
TLP:TLP:WHITE
Repository:YARAify
Rule name:SUSP_XORed_MSDOS_Stub_Message
Create hunting rule
Author:Florian Roth
Description:Detects suspicious XORed MSDOS stub message
Reference:https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
TLP:TLP:WHITE
Repository:Neo23x0
Rule name:Suspicious_Process
Create hunting rule
Author:Security Research Team
Description:Suspicious process creation
TLP:TLP:WHITE
Repository:YARAify
Rule name:upx_3
Create hunting rule
Author:Kevin Falcoz
Description:UPX 3.X
TLP:TLP:WHITE
Rule name:UPX290LZMAMarkusOberhumerLaszloMolnarJohnReiser
Create hunting rule
Author:malware-lu
TLP:TLP:WHITE
Repository:
Rule name:UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser
Create hunting rule
Author:malware-lu
TLP:TLP:WHITE
Repository:
Rule name:UPXv20MarkusLaszloReiser
Create hunting rule
Author:malware-lu
TLP:TLP:WHITE
Repository:
Rule name:vmdetect
Create hunting rule
Author:nex
Description:Possibly employs anti-virtualization techniques
TLP:TLP:WHITE
Repository:
Rule name:classified
Author:classified
Description:classified
TLP :TLP:AMBER

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.